Modern IT Security Requires a Modern Approach

It’s “Technology Tuesday” – my bi-weekly blog about innovative and/or important technologies that can help IT professionals both modernize their data centers as well as aid in their company’s IT Digital Transformation journey.

At Sanity Solutions, we are fond of the often-quoted definition of insanity: “Doing the same thing repeatedly and expecting different results”. Unfortunately, this applies to many traditional approaches to security, including relying on signature-based antivirus software to protect you and your company against an ever-expanding attack surface.

This blog is the third of three devoted to security, and it focuses on the futility of using traditional signature-based antivirus software to protect your desktops, laptops and mobile phones, as well as your servers and virtual machines. In my first security blog, “Security or Insecurity? That is the question”, I presented a particularly discouraging chart: despite a record $80 billion spent on security products in 2016, companies still suffered $445 billion in losses from security breaches, more than five times what was spent trying to prevent them. Clearly this fits the definition of insanity.

I have highlighted two innovative products that both use machine learning and artificial intelligence to stay one step ahead of the bad guys. First, I covered how Darktrace is currently leading the way with a novel approach to Core Infrastructure Protection. My last blog covered the innovative approach VMware is taking with AppDefense, which changes the paradigm from “searching for known bad” to “defining known good”. AppDefense, with its position in the hypervisor, is uniquely suited to provide an automated detection and response system that compares, in real time, the intended state of a workload against its run-time state and flags any deviation.

For this edition, I want to highlight Cylance, one of the leading endpoint protection providers. Cylance replaces traditional reactive antivirus products with a proactive artificial-intelligence approach that blocks not only everyday malware but, more importantly, protects against “zero-day” exploits and ransomware attacks.

CylancePROTECT® leverages artificial intelligence, algorithmic science, and machine learning to provide seamless and silent pre-execution attack prevention that Cylance claims is 99.9% effective, with zero reliance on signatures, the cloud, or reputation lookups. CylancePROTECT® quickly and accurately classifies what is benign and what is a threat, and prevents malicious code from ever executing on a targeted system. It can be implemented with little IT effort, and Cylance additionally offers ThreatZERO™ services that educate customers on security best practices, current malware trends and deployment strategies. After configuration and deployment, Cylance also works with the customer to bring the environment to a zero-threat state.
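To make the contrast concrete between “searching for known bad” (the signature model this post argues against) and “defining known good” (the intended-state model described above), here is a small, constructed illustration. It is added here as an example and is not Cylance, AppDefense or VMware code; the sample “binaries”, the signature pattern and the process names are all made up for the demonstration. A trivially repacked sample slips past the substring signature, but it still fails the known-good check because its hash is not part of the intended state.

```python
import hashlib
from typing import Dict, List, Optional

# Constructed sample "binaries" for the illustration; real images would be
# full PE/ELF files, but the comparison logic is the same.
KNOWN_GOOD_IMAGES = {
    "app.exe": b"MZ\x90\x00legit-app-v1",
    "svc.exe": b"MZ\x90\x00legit-svc-v2",
}
ORIGINAL_MALWARE = b"MZ\x90\x00EVILPAYLOAD:dropper"

# Model 1, "searching for known bad": a signature is a byte pattern extracted
# from a sample that has already been seen and analysed (constructed here).
SIGNATURES = {"dropper-family-A": b"EVILPAYLOAD"}


def sha256(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()


def signature_scan(blob: bytes) -> Optional[str]:
    """Return the name of the first matching signature, or None if none match."""
    for name, pattern in SIGNATURES.items():
        if pattern in blob:
            return name
    return None


# Model 2, "defining known good": the intended state is the set of hashes of
# images that are allowed to run. Nothing about the attacker is needed upfront.
INTENDED_STATE = {sha256(img) for img in KNOWN_GOOD_IMAGES.values()}


def allowed_by_intended_state(blob: bytes) -> bool:
    """True only if the image is one of the known-good images."""
    return sha256(blob) in INTENDED_STATE


def repack(blob: bytes) -> bytes:
    """Stand-in for an attacker recompiling or packing a sample: a one-byte
    insertion inside the signature pattern breaks the substring match while
    the sample's purpose is unchanged."""
    return blob.replace(b"EVILPAYLOAD", b"EVIL\x00PAYLOAD", 1)


def runtime_deviations(running: Dict[str, bytes]) -> List[str]:
    """Compare the run-time state (process name -> image bytes) against the
    intended state and return the names of processes that deviate from it."""
    return sorted(name for name, img in running.items()
                  if sha256(img) not in INTENDED_STATE)


if __name__ == "__main__":
    variant = repack(ORIGINAL_MALWARE)
    print("original sample, signature hit:", signature_scan(ORIGINAL_MALWARE))
    print("repacked sample, signature hit:", signature_scan(variant))
    print("repacked sample, in intended state:", allowed_by_intended_state(variant))
    running = dict(KNOWN_GOOD_IMAGES, **{"updater.exe": variant})
    print("run-time deviations:", runtime_deviations(running))
```

Two caveats a practitioner should keep in mind. First, the known-good model moves the work rather than removing it: every legitimate update changes an image's hash, so the intended state has to be maintained or the update itself shows up as a deviation. Second, this toy uses a plain hash allowlist to show the two models the post contrasts; Cylance's product classifies files with a machine-learning model over file features rather than an allowlist, and this block does not reproduce that algorithm.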

However, the ability to quickly detect threats must be coupled with the ability to quickly initiate a response, so that a small compromise doesn’t progress into a massive, headline-stealing breach. To address response time, Cylance also offers CylanceOPTICS, a Context Analysis Engine that pushes both threat detection and response down to the endpoint. In effect, every endpoint acts as its own virtual security operations center, able to detect threats and take response actions without human intervention, 24/7.

There are several YouTube videos in which Cylance significantly outshines the leading traditional antivirus programs in head-to-head comparisons. More importantly, there are videos in which Cylance protects against the recent WannaCry ransomware worm: https://www.youtube.com/watch?v=eQwJIrlrrYU